<?php
# !!!!!!!!!! DON'T MAKE ANY CHANGE IF YOU DON'T KNOW WHAT YOU'RE DOING !!!!!!!!!!
// --------------------------------------------------------------------------------------------------------------
// File Name              :	myinfo.php
// Last Modification Time	:	2008-02-01 24:00
// Last Modified by       :	turker (turker.biz@gmail.com)
// list of modifications  :
//
//	- 2008-02-01 turker
//		* 24:00 file created.
//
// --------------------------------------------------------------------------------------------------------------
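// Guard 1: refuse direct requests to this file. It is presumably meant to be
// included by index.php (the redirect target below) — confirm against the includer.
// eregi() was removed in PHP 7, so a case-insensitive literal substring test is
// used instead. The old pattern's "." matched any character; this match is stricter.
if (stripos($_SERVER['PHP_SELF'],'myinfo.php')!==false) {
	// Nothing in this file defines $SITE_URL before this point. On a direct request
	// the header therefore expands to the relative target "././index.php".
	// NOTE(review): if $SITE_URL is defined here, the leading "." produces a
	// malformed target. The literal is left unchanged; confirm the intended value.
	header ("Location:.$SITE_URL/./index.php");
	exit;
}

// Guard 2: only authenticated users may see or change account data.
// isLogged() is defined outside this file.
if (!isLogged()) {
	header ("Location:$SITE_URL/");
	exit;
}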
?>
<!--div:icerik -->
    <div id="icerik">
      <p>
<?php
if (empty($_POST)) {
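  /* My info: build the profile edit form for the logged-in user */
  // Every value comes from the active session through getActiveUser().
  // Free-text values are passed through $prep->html() before they are placed in
  // markup (presumably an HTML-escaping helper defined outside this file — confirm).
  // The e-mail address is escaped as well: it is written into two attributes
  // below and was previously emitted raw.
  $id=(int)getActiveUser('id');
  $email=$prep->html(getActiveUser('email'));
  $name=$prep->html(getActiveUser('name'));
  $lang=getActiveUser('lang');
  $bdate=getActiveUser('bdate');
  $gender=getActiveUser('gender');
  $phone=$prep->html(getActiveUser('phone'));
  $address=$prep->html(getActiveUser('address'));
  $city=getActiveUser('city');

  // Pre-select the stored gender. The <option> below submits "b" for female
  // while the original check only recognised "f", so a saved "b" was never shown
  // as selected. Both codes are accepted here; the submitted value is unchanged.
  // NOTE(review): confirm which code the rest of the application expects.
  $m=$f='';
  if ($gender=='m') $m=' selected';
  if ($gender=='f' || $gender=='b') $f=' selected';

  // listLangs()/listCities() return ready-made markup (they are echoed as-is below).
  $lang=listLangs($lang);
  $cities=listCities($city);

  // Split the stored Unix timestamp into the three values of the date selects.
  $bdate=(int)$bdate;
  $day=(int)date('j',$bdate);
  $month=(int)date('n',$bdate);
  $year=(int)date('Y',$bdate);

  $action='index.php?page=myinfo';
  if ($SITE_SEO) $action=$SITE_URL.'/myinfo';

  // NOTE(review): the hidden userid/email fields are client-controlled once the
  // form is submitted; the POST handler must take the account id from the
  // session, not from these fields. The form also carries no anti-CSRF token.
  // The <form> tag was self-closed (" />"), which is invalid for a container
  // element; it is now a normal opening tag.
  $userinfo='
    <span class="uyari">'.$_LANG['myinfo']['msg1'].'</span>
    <form name="userinfo" id="userinfo" method="post" action="'.$action.'" class="box">
    <input type="hidden" name="userid" value="'.$id.'" />
    <input type="hidden" name="email" value="'.$email.'" />
    <label>*'.$_LANG['general']['name'].':</label> <input type="text" maxlength="15" name="name" id="name" accesskey="req" value="'.$name.'" /><br />
    <label>'.$_LANG['general']['email'].':</label> <input type="text" disabled value="'.$email.'" /><br />
    <label>'.$_LANG['myinfo']['oldpass'].':</label> <input type="password" maxlength="15" name="oldpass" id="oldpass" /><br />
    <label>'.$_LANG['myinfo']['newpass'].':</label> <input type="password" maxlength="15" name="newpass" id="newpass" /><br />
    <label>'.$_LANG['myinfo']['newpassa'].':</label> <input type="password" maxlength="15" name="newpassa" id="newpassa" /><br />
    <label>'.$_LANG['general']['lang'].':</label> '.$lang.'<br />
    <label>'.$_LANG['general']['bdate'].':</label> '.$_LANG['general']['day'].': <select name="day" id="day">';
  for($i=1;$i<32;$i++) {
    $selected=($i==$day) ? ' selected' : '';
    $userinfo.='<option value="'.$i.'"'.$selected.'>'.$i.'</option>';
  }
  $userinfo.='</select>&nbsp;'.$_LANG['general']['month'].': <select name="month" id="month">';
  for($i=1;$i<13;$i++) {
    $selected=($i==$month) ? ' selected' : '';
    $userinfo.='<option value="'.$i.'"'.$selected.'>'.$i.'</option>';
  }
  // NOTE(review): only 1940-1994 is offered. A stored birth year outside that
  // range leaves no option selected, so the browser submits the first one.
  $userinfo.='</select>&nbsp;'.$_LANG['general']['year'].': <select name="year" id="year">';
  for($i=1940;$i<1995;$i++) {
    $selected=($i==$year) ? ' selected' : '';
    $userinfo.='<option value="'.$i.'"'.$selected.'>'.$i.'</option>';
  }
  $userinfo.='</select><br />
    <label>'.$_LANG['general']['gender'].':</label> <select name="gender" id="gender"><option value="m"'.$m.'>'.$_LANG['general']['male'].'</option>
    <option value="b"'.$f.'>'.$_LANG['general']['female'].'</option></select><br />
    <label>*'.$_LANG['general']['phone'].':</label> <input type="text" maxlength="11" name="phone" id="phone" accesskey="req" value="'.$phone.'" /><br />
    <label>'.$_LANG['general']['city'].':</label> '.$cities.'<br />
    <label>'.$_LANG['general']['address'].':</label> <textarea name="address" id="address">'.$address.'</textarea><br />
    <label></label><input type="submit" value=" '.$_LANG['myinfo']['umyinfo'].' " id="reg" class="input-submit" />
    </form><br />';

  /* My info: end */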

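  /* My orders: paid (buy=1) but not yet shipped (send=0) */
  $waiting_orders='';
  // Orders table columns: id, basket_ids, buy, buy_date, send, send_date, address, order_note, admin_note, user_id, total
  // The owner id is read from the session and cast to int before it is placed
  // in the SQL string, so the query does not depend on what $id holds by now.
  $owner_id=(int)getActiveUser('id');
  $q=$mysql->query("select id,buy_date,order_note,total from $ORDERS_TABLE where buy='1' and send='0' and user_id='$owner_id'");
  if ($mysql->numRows($q)>0) {
    $waiting_orders.='<table cellpadding="2" cellspacing="0" width="100%">';
    $waiting_orders.='<tr><th align="center">'.$_LANG['general']['date'].'</th>
    <th align="center">'.$_LANG['makeorder']['onote'].'</th><th align="center">'.$_LANG['makeorder']['total'].'</th></tr>';
    while ($read=$mysql->fetch($q)) {
      // The order id gets its own variable. The original stored it in $id,
      // which replaced the user id that the following "shipped orders" query
      // filters on, so that query could run against the wrong account.
      $order_id=(int)$read['id'];
      $buy_date=$read['buy_date'];
      $total=$read['total'];
      $order_note=$prep->html($read['order_note']);
      // Format the timestamp with the current locale, then convert to UTF-8.
      // NOTE(review): assumes strftime() yields ISO-8859-9 text here — confirm the locale.
      $buy_date=strftime("%d %b %y %a %H:%M",$buy_date);
      $buy_date=iconv("ISO-8859-9", "UTF-8",$buy_date);

      $send_link="index.php?page=orders&id=$order_id";
      $waiting_orders.='<tr><td align="center"><a rel="shadowbox;width=760;height=555" title="'.$_LANG['myinfo']['myorders'].'" href="'.$send_link.'">'.$buy_date.'</a>
    	                 </td><td>'.$order_note.'</td><td align="right">'.$total.' YTL</td></tr>';
    }
    $waiting_orders.='</table><br />';
  }
  else $waiting_orders='<br />'.$_LANG['myinfo']['msg2'].'<br />';

  /* My orders: end */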

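  /* My purchases: paid (buy=1) and shipped (send=1) */
  $send_orders='';
  // Orders table columns: id, basket_ids, buy, buy_date, send, send_date, address, order_note, admin_note, user_id, total
  // The owner id is taken from the session again instead of from $id: the
  // preceding order loop assigns order ids to $id, so filtering on $id could
  // list orders that belong to a different account.
  $owner_id=(int)getActiveUser('id');
  $q=$mysql->query("select id,send_date,admin_note,total from $ORDERS_TABLE where buy='1' and send='1' and user_id='$owner_id'");
  if ($mysql->numRows($q)>0) {
    $send_orders.='<table cellpadding="2" cellspacing="0" width="100%">';
    $send_orders.='<tr><th align="center">'.$_LANG['general']['date'].'</th><th align="center">'.$_LANG['myinfo']['sitenote'].'</th>
    <th align="center">'.$_LANG['makeorder']['total'].'</th></tr>';
    while ($read=$mysql->fetch($q)) {
      $order_id=(int)$read['id'];
      $send_date=$read['send_date'];
      $total=$read['total'];
      $admin_note=$prep->html($read['admin_note']);
      // Format the timestamp with the current locale, then convert to UTF-8.
      // NOTE(review): assumes strftime() yields ISO-8859-9 text here — confirm the locale.
      $send_date=strftime("%d %b %y %a %H:%M",$send_date);
      $send_date=iconv("ISO-8859-9", "UTF-8",$send_date);

      $send_link="index.php?page=orders&id=$order_id";
      $send_orders.='<tr><td align="center"><a rel="shadowbox;width=760;height=555" title="'.$_LANG['myinfo']['mybuy'].'" href="'.$send_link.'">'.$send_date.'</a></td>
    	             <td>'.$admin_note.'</td><td align="right">'.$total.' YTL</td></tr>';
    }
    $send_orders.='</table><br />';
  }
  else $send_orders='<br />'.$_LANG['myinfo']['msg3'].'<br />';
  /* My purchases: end */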
?>
<h1><?php echo $_LANG['myinfo']['mypage']; ?></h1><br />
<div class="tabber">
  <div class="tabbertab">
    <h4><?php echo $_LANG['myinfo']['myinfo']; ?></h4>
    <p><?php echo $userinfo; ?></p>
  </div>

  <div class="tabbertab">
    <h4><?php echo $_LANG['myinfo']['myorders']; ?></h4>
    <p><?php echo $waiting_orders; ?></p>
  </div>

  <div class="tabbertab">
    <h4><?php echo $_LANG['myinfo']['mybuy']; ?></h4>
    <p><?php echo $send_orders; ?></p>
  </div>
</div>
<a rel="shadowbox;width=760;height=555" title="fix" href=""></a>
<?php
  // Print the value of goBack() when it is truthy. goBack() is defined outside
  // this file and is called twice here (once to test, once to print).
  // NOTE(review): the value is echoed unescaped — presumably ready-made markup; confirm.
  if (goBack()) echo goBack();
}
else {
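  # ---- POST: validate and save the profile form ----
  # Copy only the fields this form defines. The previous extract($_POST) let a
  # request define or overwrite any variable in scope, including the table-name
  # and site-URL variables interpolated into the queries and redirects below.
  # $_POST itself is no longer modified.
  $fields=array('userid','email','name','oldpass','newpass','newpassa','lang','day','month','year','gender','phone','city','address');
  $form=array();
  foreach ($fields as $key) {
    # Non-string input (e.g. an array parameter) is treated as empty rather than passed to trim().
    $form[$key]=(isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
  }

  # The account to update always comes from the session. The posted hidden
  # "userid" is client-controlled: trusting it let a logged-in user rewrite
  # another account's row and then have that row loaded into their own session.
  $userid=(int)getActiveUser('id');
  $email=$form['email'];
  $name=$form['name'];
  $phone=$form['phone'];

  # check the submitted values (same checks, order and messages as before)
  $valid=new Validation();
  $valid->isEmpty($form['userid'],$_LANG['errors']['error2']);
  $valid->isNumber($form['userid'],$_LANG['errors']['error2']);
  # A posted id that does not match the session's account is rejected.
  if ($form['userid']!=='' && $form['userid']!==(string)$userid) $valid->errorList[]=$_LANG['errors']['error2'];
  $valid->inRange($name,55,5,$_LANG['lostpass']['error2']);
  $valid->inRange($email,55,6,$_LANG['lostpass']['error1']);
  $valid->inRange($phone,11,7,$_LANG['register']['error1']);
  $valid->checkEmail($email,$_LANG['general']['imail']);

  # A password change is requested only when the old password field is filled in.
  $change_pass=!empty($form['oldpass']);
  if ($change_pass) { # old pass is correct ?
    $valid->inRange($form['oldpass'],15,5,$_LANG['register']['error2']);
    $valid->inRange($form['newpass'],15,5,$_LANG['myinfo']['error1']);
    $valid->isEqual($form['newpass'],$form['newpassa'],$_LANG['myinfo']['error2']);
    # NOTE(review): the stored format is unsalted double MD5, which is not
    # suitable for password storage. It is kept byte-compatible here because the
    # hashes are created and checked elsewhere too; a move to password_hash()/
    # password_verify() has to be made across the whole application.
    $oldhash=md5(strrev(md5($mysql->escape($form['oldpass']))));
    # $oldhash is hex and $userid is an int, so both are safe inside the quoted literals.
    $q=$mysql->query("select id from $USERS_TABLE where password='$oldhash' and id='$userid'");
    if ($mysql->numRows($q)!=1) $valid->errorList[]=$_LANG['myinfo']['error3'];
  }

  if ($valid->isError()) $valid->listErrors();
  else { #no error
    # Escape each value exactly once, right before it goes into the SQL string.
    $name=$mysql->escape($form['name']);
    $lang=$mysql->escape($form['lang']);
    $gender=$mysql->escape($form['gender']);
    $phone=$mysql->escape($form['phone']);
    $address=$mysql->escape($form['address']);
    $city=$mysql->escape($form['city']);

    $pass='';
    if ($change_pass) {
      # The original escaped the new password twice before hashing but the old
      # one only once, so a password containing characters that escape() alters
      # could never be verified again. It is now hashed like the old-password check.
      $newhash=md5(strrev(md5($mysql->escape($form['newpass']))));
      $pass=",password='$newhash'";
    }
    # Cast the date parts to int so non-numeric input cannot reach mktime().
    $bdate=mktime(0,0,0,(int)$form['month'],(int)$form['day'],(int)$form['year']);

    // Users table columns: id, email, password, name, lang, date, level, bdate, gender, phone, address, city
    $sql="name='$name',lang='$lang',bdate='$bdate',gender='$gender',phone='$phone',address='$address',city='$city'$pass";
    $q=$mysql->query("update $USERS_TABLE set $sql where id='$userid'");
    if (!$q) echo $_LANG['errors']['error'].' '.$_LANG['errors']['error1'].' '.$SITE_ADMIN_MAIL;
    else {
      # Reload the session copy of the account from the row that was just updated.
      # NOTE(review): "select *" also places the password hash in the session.
      unset($_SESSION['user']);
      $q=$mysql->query("select * from $USERS_TABLE where id='$userid'");
      $read=$mysql->fetch($q);
      $_SESSION['user']=$read;
      # NOTE(review): markup has already been emitted earlier in this file, so
      # these redirects only work if output buffering is active — confirm in the includer.
      if (!$SITE_SEO) header("Location: $SITE_URL/index.php?page=myinfo");
      else header("Location: $SITE_URL/myinfo");
    }
  } // else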
} // else
?>
      </p>
    </div>
<!--//div:icerik -->